1. Field of the Invention
The present invention relates to a system for distributing software products and a scheme for utilizing distributed software products.
2. Description of the Background Art
Due to the spread of computers and computer networks, it is now possible to realize the software distribution entirely electronically, without utilizing the conventional trade system based on cash payment.
The major problem in the software distribution now is how to specify a person who is trying to acquire the software and charge this person safely at a time of distributing the software that can be rather easily copied.
Conventionally, a charging mechanism on the computer network has utilized the authentication technique based on the cryptography. For example, in a case of notifying a credit card number on the computer network, it has been necessary to encrypt the credit card number and transfer the encrypted credit card number so that a third person cannot obtain the credit card number illegally by wiretapping the communication line.
On the other hand, a scheme for preventing an illegal copy has also been developed. The most frequently employed scheme is to apply some encryption to the software so that only a person who has a key (a cipher key, a password, etc.) for decrypting encrypted data can obtain the actual content of the software. However, in this scheme, it is still possible to make an illegal copy of the software by illegally copying the key or password itself.
As it has been quite difficult to resolve all-these problems completely by means of the software alone, there has been a proposition of a system called super-distribution which presumes a use of some special hardware. Namely, this is a system which uses a hardware functioning as a black box that outputs some output data in response to an entered input data, while a content of this hardware itself cannot be analyzed even by the owner of this hardware. For example, it is possible to realize a scheme in which the encrypted data cannot be decrypted unless this function of a black box is available, by means of the conventional cryptographic technique such as the public key cryptosystem.
However, this scheme is not very practical because it is necessary for every customer to have his own dedicated hardware and utilize this hardware all the times. In addition, even if this scheme is employed, it is not going to be able to prevent the illegal copy completely. For instance, even if only a particular person can replay the music provided by the software, it is still possible to copy that music by recording that music itself using some recording device. Because of these limitations, the super-distribution system has not been widely accepted commercially.
FIG. 1 shows a conventional scheme for safely sending a credit card number on the network by utilizing the cryptographic technique.
In FIG. 1, the left side represents a store which is offering the software for sale and the right side represents a customer who is trying to purchase the software. These store and customer are connected by a computer network (which will be abbreviated hereafter as a network) such as a telephone line or Internet. Note here that functions on the store side and functions on the customer side are basically to be realized by means of softwares.
The store has a store secret key 101 and a store public key 102 according to the public key cryptosystem in advance. The store secret key 101 is stored in a store secret key storage unit 350, and its content cannot be referred from the others. The store public key is publicly disclosed so that anyone can acquire it through the network.
When the customer purchases the software, the customer first generates a shared key 103 at a shared key generation unit 302 in order to establish a safe communication with the store. This is done by generating a random number which cannot be guessed by the others. This shared key 103 is also referred to as a session key as it is shared during a particular session. The generated shared key 103 is then encrypted by a shared key encryption unit 312. The store public key 102 is utilized for this encryption.
The shared key encryption unit 312 gives this encrypted shared key 104 to a shared key transmission unit 314, and then the shared key transmission unit 314 transmits this encrytted shared key 104 to the store side through the network. At the store side, a shared key decryption unit 352 receives this encrypted shared key 104, and descrypts it using the store secret key 101 so as to obtain the shared key 103.
On the other hand, at the customer side, an information encryption unit 316 encrypts an information to be transmitted to the store side, by using the shared key 103. For instance, this information encryption unit 316 is utilized in encrypting a credit card number to be transmitted to the store side. The encrypted information 107 obtained by the information encryption unit 316 is then transmitted to the store side through the network by an information transmission unit 318. At the store side, an information decryption unit 354 receives the encrypted information 107 and descrypts it by using the shared key 103 so as to obtain the information transmitted from the customer side.
According to this procedure, an information such as a credit card number can be transmitted safely through the network. Namely, the shared key 103 encrypted by using the store public key 102 can be decrypted only by the store who has the store secret key 101 according to the principle of the public key cryptosystem. Moreover, the transmitted information can only be descrypted by the store and the customer who shared the shared key 103 in this manner.
By the above described scheme, it is possible to sell the software only to a legitimate user who actually notified a necessary information such as a credit card number. However, the software can be copied easily in general, so that it is difficult to prevent an illegal act of copying the purchased software and distributing or selling the copied software.
There are many propositions for preventing such an illegal act, such as a scheme for making the software operable only upon an entry of a specific password or a scheme for making the software executable only upon an acquisition of a license from a specific server at a time of each execution, rather than selling the software as it is, but none of them has proven to be definitive. The reason is that it is still possible to make an illegal copy of the purchased software by copying not just the software itself alone but all surrounding portions of the customer side system (software) that are necessary in utilizing the software as well so as to reproduce the identical software utilization environment elsewhere, and therefore it is possible to commit this illegal act without any serious risk.
On the other hand, in a case of using a system which requires a complicated procedure such as an entry of a credit card number of a customer or a user ID or a password assigned to that customer in every occasion of the purchase, it is practically impossible to realize an elaborated charging scheme such as that for charging three yen for the tomorrow's weather forecast (as a low value service will be disused when a procedure is complicated). As a consequence, only expensive softwares could be distributed successfully and some software right owners could profit enormously while some other software right owners could not profit at all, so that the proper growth of the software distribution cannot be expected.
Even when a mechanism for storing a credit card number in a computer and automatically transmitting the stored credit card number is used in order to resolve this situation, for example, there is a possibility for the illegal use of that computer by a third person when that computer is stolen, so that the convenience and the safety cannot be achieved simultaneously.
As described, in the conventional software distribution system, it is possible to make a purchase order electronically without a danger of having a credit card number stolen, but a measure against the illegal copy of the purchased software has been insufficient. This is because a process of ordering the software and a process of utilizing the software have been separate processes from a customer's viewpoint, and it has been possible to apply various illegal methods for realizing the illegal copy to the software once the software was purchased.
In addition, in some conventional software distribution system, it has been difficult to establish an elaborated charging scheme such as that for charging the same customer repeatedly when this customer utilizes the same software at different computers, for example.
Nowadays, due to the rapid spread of the Internet, a system for electronically distributing information such as programs and charging for the distributed information is widely in use.
The major requirements in realizing the software distribution through a network such as the Internet include: (1) a mechanism for specifying a person who is trying to acquire the software and charging this person safely (a high security measure); (2) a protection of the copyright of the software in view of the fact that the software can be rather easily copied (a prevention of illegal copy); and a measure against a spread of the software containing virus.
Of these, (1) and (2) are already discussed above. As for (3), this is an indispensable requirement because the information such as programs is to be exchanged through the network.
In addition, it is also necessary to consider an effective utilization of communication resources by accounting for the communication line cost, etc., in view of the fact that a large amount of information is to be transmitted through the network.
From a point of view of the user's convenience, operations such as those for downloading programs through the network and installing them into a user's own terminal can be too difficult especially for those who are not accustomed to handle a personal computer. In order to realize a wide spread of such a system, it is expected to be required that even a person without much knowledge about the personal computer, the communication, etc. must be able to operate a system easily.
Moreover, in a case of selling the electronic information through the network, it is also necessary to provide a measure for handling a user's dissatisfaction with the purchased software product, because it is impossible to actually return the purchased software product itself even when a user is dissatisfied with the purposed software product.
Furthermore, it is desirable for such a system to be able to deal with the version updating of the software through the network easily, as it contributes to increase a user's reliability on a sales agent and a user's enthusiasm for purchasing the software product, thereby realizing a wide spread of a system.
Thus the conventional software distribution system has been associated with problems that not enough considerations have been given to the illegal copy of the software and the user's convenience.